The present invention relates to the field of software applications generally, and specifically to the implementation of financial applications. The corporate accounting scandals surrounding WorldCom, Enron and Tyco in 2002, have spurred the passage of the Sarbanes-Oxley Act of 2002. The Act creates an obligation for officers of a company to warrant to their shareholders the accuracy of the company's accounting information, the controls in place to safeguard the assets of the company, and the validity of the financial statements they produce. Although these obligations have previously existed in a weaker form in the United States, the advent of the Sarbanes-Oxley Act has made these obligations much stronger. Any company that is listed on an American stock exchange has these obligations.
The Act codifies a framework for internal accounting controls specified by the committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO establishes three categories of controls: Effectiveness and Efficiency of Operations; Reliability of Financial Reporting; and Compliance with Laws and Regulation. COSO also establishes five interrelated components of effective internal control: Control Environment; Risk Assessment; Control Activities; Information and Communications; and Monitoring. In summary, the methodology prescribed by COSO includes identifying the opportunities for fraudulent reporting, determining the risks arising from these opportunities, and then providing accounting controls to mitigate these risks.
Because company officers are responsible under the Sarbanes-Oxley Act for warranting the accuracy of their company's accounting information, company officers depend on their auditors to investigate and resolve audit issues. To provide company officers with an adequate basis for warranting the accuracy of their company's accounting information, auditors need to develop audit opinions for all of the organizations, processes, risks, and risk controls in the company. Previously, audit operations have not be structured towards the requirements of the Sarbannes-Oxley Act. Thus, auditors must perform a traditional audit of the company and then repurpose these audit results to the structure of the Sarbannes-Oxley Act. Company officers can then review the auditor's evaluations of the organizations, processes, risks, and risk controls in the company to decide whether to warrant the company's accounting information. The process of repurposing accounting information to the structure specified by the Sarbannes Oxley Act is time-consuming and auditors may omit or overlook crucial aspects of a company.
It is therefore desirable for an audit system to provide a logical and structured system to evaluate an enterprise and provide audit opinions on the organizations, processes, risks, and risk controls. It is further desirable for the audit system to facilitate the evaluation of all aspects of an enterprise in a uniform manner. It is also desirable for the audit system to streamline the creation of audit opinions.